How To: Anti-Virus in Kali Linux

Hello fellow Null Byters. First off, I'll start by saying that I'm addicted to this community. I feel the challenge growing so fast, with all the newbies, amateurs, advanced and professional hackers around trying their best to help the community. Sadly we've got some script kiddies too, but anyway, today we are going to learn how to install and use ClamAV in Kali Linux.

INTRODUCTION

It is no longer true when someone says that Linux or Mac doesn't get viruses. Although Windows is more popular and more obviously targeted by malware, security systems do not always advance as quickly as their vulnerabilities. Fortunately, it is possible to learn to protect yourself without much difficulty.

So for guys like me who want to take security to the paranoid level, here we go.

What is ClamAV?

ClamAV is a set of tools originally developed for UNIX operating systems. In addition to command-line antivirus scanning, it also scans e-mails and has a tool to update the database, as well as other features.

INSTALLATION
This process is easy: we can get it using apt-get, so let's start our Kali Linux.
Before starting:

If you are using Kali, half the tools out there would be detected as a virus, and whenever you make a payload it would also be detected as a virus. I'm using Kali just to demonstrate how you can use it; use it at your own risk, or on a non-hacking distro.

apt-get install clamav

To check the syntax and your options, use
man clamscan

For the full list of options you can run
clamscan --help

SCANNING
Now let's scan our computer using clamscan
clamscan

As you can see from the above screenshot, it scans file by file and flags each one with "OK", which means the file is fine. But have a look at the red underline: it says "PHP -1 FOUND", and the summary says "1 infected file", which means this file contains a virus. This file is actually a shell that I use to test websites for shell upload vulnerabilities, but the test shows that ClamAV can catch known threats. It's good to run it daily so that you can check your files manually and make sure each one is a trusted file.

Now you can remove this file manually using the "rm" command, or just run
clamscan -r --remove /directory
and it will remove all threats it found.
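
Since --remove deletes every flagged file, false positives included, here is a report-only alternative as an added example (not part of the original tutorial): it lists detections for manual review and refuses to scan when /var/lib/clamav holds no signature database, in which case freshclam, ClamAV's database updater, has to be run first. The function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: report-only scan wrapper. Nothing here deletes files.

# Succeeds if DIR holds at least one ClamAV signature database (.cvd/.cld).
db_present() {
    for db_file in "$1"/*.cvd "$1"/*.cld; do
        [ -f "$db_file" ] && return 0
    done
    return 1
}

# Reads clamscan output on stdin, prints "path<TAB>signature" per detection.
parse_infected() {
    while IFS= read -r pi_line; do
        case $pi_line in
            *" FOUND")
                pi_line=${pi_line% FOUND}
                printf '%s\t%s\n' "${pi_line%: *}" "${pi_line##*: }"
                ;;
        esac
    done
}

# Scans TARGET recursively and lists detections for manual review.
# Returns clamscan's exit status: 0 = clean, 1 = detection, 2 = error.
report_scan() {
    rs_db=${2:-/var/lib/clamav}
    if ! db_present "$rs_db"; then
        echo "no signature database in $rs_db: run freshclam first" >&2
        return 2
    fi
    rs_rc=0
    rs_out=$(clamscan -r --infected --no-summary "$1") || rs_rc=$?
    printf '%s\n' "$rs_out" | parse_infected
    return "$rs_rc"
}

# Constructed sample output (the signature name is a placeholder).
sample_output() {
    cat <<'EOF'
/root/Downloads/notes.txt: OK
/root/Downloads/shell.jpg: Example.Placeholder-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
EOF
}

sample_output | parse_infected
```

On a real system, call report_scan /root/Downloads and act on the exit status: 1 means there is something to review, 2 means the scan itself failed.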

Now let's scan a directory

For this example I will use the download directory. Since we might sometimes download trash from the internet, it's good to check every file we download.

The "-r" means recursive scan
clamscan -r /root/Downloads

Luckily, according to ClamAV I don't have any threats inside my download folder.
For the lazy Null Byters, you can use its GUI version.
Just run
apt-get install clamtk
and after installation run it and start playing with the toys.

That is all for today. If you want to go deep on its full usage, just RTFM.

Hacked by Mr__Nakup3nda

12 Comments

Good to know, although I wouldn't install it if I'm using Kali since half the tools out there would be detected as a virus and whenever you make a payload it would also detect it as a virus.

Although it is definitely viable for a non hacking distro.

Cheers,
Washu

I agree with Washu. Do not run any AV on Kali!! It will detect your tools as malicious and try to quarantine them, making a mess of your hacking platform.

I agree with y'all, but at some point I think it's good to have it. You can always run it manually when you suspect a file or folder. Anyway, thanks OTW and Washu for the advice; I will edit and try to redirect the next readers to use it on a non-hacking distro. Plus, ClamAV is a very cool AV and it's open source, so you can edit it according to your needs, and it's not as rude about deleting or quarantining your files as others out there.

Hacked by Mr__Nakup3nda

I agree about not installing any AV on Kali. It will corrupt the payloads and even collect some data about the payloads, and then next time they will update definitions and our payloads won't be working. It is a total disaster for the project.

However, as a newbie, I would like to ask OTW: is our Kali Linux safe as it is now without any AV? Or what protection do you use? Thanks for your reply.

But still.. A good tutorial... :D

ClamAV actually detects Windows viruses. If, say, you are sending a file to a Windows OS, maybe a program, you can scan it with ClamAV to see if it is malicious.

I've used it for a while and it did not detect Kali tools as viruses, well, at least that was the last time I checked.

I won't agree with you in saying that it only detects Windows viruses, because you can see from the above screenshot it detects my malicious jpg file, aka "shell", so that means for secured servers I won't be able to upload it through the uploader. I tested on Mac too. It's rare and almost impossible to find viruses for Linux and Mac, but we never know. About the scanning, yes, you are right: it will detect as viruses only tools that come with malicious files. With tools like Metasploit, if you run a scan through it, it will detect a lot of infected files.

Hacked by Mr__Nakup3nda

Well, I do get your point about the Windows-only thing. What I think I wanted to say was perhaps known viruses.

ClamAV makes your system a little bit heavy and slow. Maybe it's a good choice for cleaning up your system against such malicious activities, but compromising on performance is not a good option. Can you suggest some other options?

HELP BROTHER ..

root@READ:~# clamscan -r /root/Downloads
LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav
ERROR: Can't open file or directory

----------- SCAN SUMMARY -----------
Known viruses: 0
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.005 sec (0 m 0 s)
root@READ:~#

This antivirus sucks. This tool was going to delete my hacking stuff.

It just scanned the stuff which I have created. Shells!!! Boring
